Security of data in outsourcing with data protection act 1998 UK

On 22nd August 1998, the data protection act 1998 came into existence. The main purpose behind this was to consolidate the data protection act 1984 and the Access to Personal Files Act 1987, as well as bringing the law at par with the European Data Protection Directive. In order to bring the UK law into line with the European Union data protection drive 1995, the data protection act was implemented in 1998 as a part of United Kingdom Act of Parliament.

Key definitions of the Data Protection Act 1998 UK

This law defines the processing of data on identifiable living people. This law has now become the main legislation governing the personal data protection in UK. While the European Union data protection directive dealt with protecting people’s fundamental rights for freedom and privacy for Processing Of Personal Data, the uk law itself does not mention Privacy.

Data Protection Act 1998 provides individuals a way to have some power about their personal information. Except when the data is collected and used for domestic use, each individual is legally obliged to follow this act. As with every other act, these act also has some exemptions as well as principles. But the main requirement is that the individuals as well as the companies are required to maintain the confidentiality their personal information.

For legal reasons, some aspects of this act have been subsequently refined keeping in mind the legalities. Most notable changes have been in the field of marketing and electronic communication, like the requirement of consent while carrying out marketing activities.

As per this act, the personal data of all individuals that can be identified as living individuals by way of their names and addresses, phone numbers or email addresses that have been registered, The purview of the act is that only the data that is held or is intended to be held on computers or any other official electronic equipments in a relevant filing system. This act in itself protects the rights of individuals and firms who store, process and transmit their data on electronic devices.

Under this act, a person is entitled to view any data that an organisation holds on them, request correction of data, obtain knowledge of the usage of the said data, and object if data is used for direct marketing.

While this data protection act was formulated to protect the public interest, it has gain a repute for its complexities, making it harder to implement as the interpretation is not always simple.